package com.djf.eg.auth;

import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import javax.servlet.Filter;

import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import com.djf.eg.entity.SysShiroFilter;
import com.djf.eg.service.SysShiroFilterService;

@Configuration
public class ShiroConfig {
	
	@Autowired
	SysShiroFilterService sysShiroFilterService;
	
	//将自己的验证方式加入容器
    @Bean
    public DShiroRealm scShiroRealm() {
    	DShiroRealm scShiroRealm = new DShiroRealm();
//    	scShiroRealm.setCredentialsMatcher(new HashedCredentialsMatcher(Sha256Hash.ALGORITHM_NAME));
    	scShiroRealm.setCredentialsMatcher(hashedCredentialsMatcher());
        return scShiroRealm;
    }
    
    //设置自定义matcher
    public HashedCredentialsMatcher hashedCredentialsMatcher() {
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        // 设置加密方式
        hashedCredentialsMatcher.setHashAlgorithmName(DCryptography.algorithmName);
        // 设置加密次数
        hashedCredentialsMatcher.setHashIterations(DCryptography.hashIterations);
        
        
        return hashedCredentialsMatcher;
    }
    
//    //自定义sessionManager  
//    @Bean  
//    public SessionManager sessionManager() {  
//        DSessionManager mySessionManager = new DSessionManager();  
////        mySessionManager.setSessionDAO(redisSessionDAO());  
//        return mySessionManager;  
//    } 
    
//    /** 
//     * RedisSessionDAO shiro sessionDao层的实现 通过redis 
//     * <p> 
//     * 使用的是shiro-redis开源插件 
//     */  
//    @Bean  
//    public RedisSessionDAO redisSessionDAO() {  
//        RedisSessionDAO redisSessionDAO = new RedisSessionDAO();  
//        redisSessionDAO.setExpire(60);
//        redisSessionDAO.setRedisManager(redisManager());  
//        return redisSessionDAO;  
//    }
    
//    /** 
//     * 配置shiro redisManager 
//     * <p> 
//     * 使用的是shiro-redis开源插件 
//     * 
//     * @return 
//     */  
//    public RedisManager redisManager() {  
//        RedisManager redisManager = new RedisManager();  
////        redisManager.setHost(host);  
////        redisManager.setPort(port);  
//////        redisManager.setExpire(1800);// 配置缓存过期时间  
////        redisManager.setTimeout(timeout);  
////        redisManager.setPassword(password);  
//        return redisManager;  
//    } 
    
    //权限管理，配置主要是Realm的管理认证
    @Bean
    public SecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(scShiroRealm());
//        securityManager.setSessionManager(sessionManager());
//        SecurityUtils.getSubject().getSession().setTimeout(3000);
        return securityManager;
    }
    
    //Filter工厂，设置对应的过滤条件和跳转条件
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        
        Map<String, Filter> filterMap = new LinkedHashMap<>();
        filterMap.put("authc", new ApiPermissionsAuthorizationFilter());
        shiroFilterFactoryBean.setFilters(filterMap);
        
        Map<String,String> map = new HashMap<String, String>();
        List<SysShiroFilter> shiroFilterList = sysShiroFilterService.getShiroFilter();
        
        for (SysShiroFilter shiroFilter : shiroFilterList) {
        	map.put(shiroFilter.getUrl(), shiroFilter.getFilter());
        }
//        //登出
//        map.put("/logout","logout");
//        //设置不拦截链接
//        map.put("/register", "anon");
//        map.put("/auth/login", "anon"); 
//        map.put("/auth/register", "anon"); 
//        map.put("/api/auth/login", "anon"); 
//        map.put("/api/auth/register", "anon"); 
//        map.put("/api/v1/demo/**", "anon"); 
//        map.put("/eg/api/v1/demo/**", "anon"); 
//        map.put("/api/demo/**", "anon"); 
//        //对所有用户认证
//        map.put("/**","authc");
//        //登录 
//        shiroFilterFactoryBean.setLoginUrl("/login");
//        //首页
//        shiroFilterFactoryBean.setSuccessUrl("/index");
//        //错误页面，认证不通过跳转
//        shiroFilterFactoryBean.setUnauthorizedUrl("/error");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
        return shiroFilterFactoryBean;
    }

    //加入注解的使用，不加入这个注解不生效
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }
}
